Kubernetes: Compromise of node can lead to compromise of pods on other nodes

Hi Kubernetes team,

Summary:

If an attacker manages to escape a (eg. privileged) container and gains access to the underlying node it can replace the Kubelet process listening on port 10250/10255 on the node. A fake Kubelet server issueing 301 redirects can trick ‘kubectl’ (or other clients) into issueing commands against a other pods in the cluster. This attack bypasses firewalling configurations where nodes cannot talk directly to eachother on port 10250/10255 and also works when port 10250 requires authentication since kubectl is happy to resend the Authorization header / bearer token when a 301redirect is received.

Kubernetes Version:

1.14.10

Component Version:

kubelet/kubectl

Steps To Reproduce:

1. Attacker escapes container
2. Attacker issues a 'kill -9 pidof kubelet; python fakekubet.py (see attachment)
3. Attacker waits for a /exec request coming in to the fakekubelet.py server, and redirects it (with an arbitrary command) to another node.

Example exec request for ‘hello-app’ by kubectl:
10.138.0.10 - - [01/May/2020 11:28:55] “POST /exec/default/hello-server-7f8fd4d44b-j5rsc/hello-app?command=%2Fbin%2Fs&input=1&output=1&tty=1 HTTP/1.1” 307 -

Example response by the fakekubelet:
HTTP/1.1 301 Redirect
Location: https://10.138.0.8/exec/default/victim-67c59cd9f4-vm5dl/nginx?command=/bin/arbitrary_command_here&error=1&input=1&output=1&tty=0

4. kubectl follows the redirect and contacts the victim node, requesting /exec as specified by fakekubelet.py (can also redirect to ‘master’)
5. arbitrary command is executed on the victim node

Supporting Material/References:

attachment 1: fakekubelet.py
attachment 2: ugly_diagram.png
related Kubelet code: https://github.com/kubernetes/kubernetes/blob/4a6935b31fcc4d1498c977d90387e02b6b93288f/pkg/kubelet/server/server.go#L257-L263

I hope this helps!

Kind regards,
Offensi.com

Wouter ter Maat

Impact

execute arbitrary command in victim’s pod